Comments

@weavermedia: Thanks for reaching out. I’m sorry for the confusion! 1Password X depends on the 1Password.com service, so it does not work with local vaults. And a 1Password.com account is also the only way you'd have a Secret Key. However, you can easily try 1Password.com out, and it includes access to all of the apps, the web interface, and does away with license management and sync configuration altogether — you simply log in to your account to authorize a device and access your data. You can use it for free for 30 days to take advantage of all of its benefits. And be sure to let us know if you have any other questions!

I just saw the video about 1Password X and love the new look and features. Disappointed it is not integrated with the Mac version of 1Password keeping communications local to the device, and implying that future functionality comes at the price of an annual subscription.

I assume this 1Password.com service means there is (encrypted) communication going on across the net with the 1Password.com site? Not a big fan of that concept. What happens if there is no connection available - something like I'm trying to login to an inflight air service or hotel internet where I have stored account info, but there there isn't a full connection yet?

I just saw the video about 1Password X and love the new look and features.

Great! We like the new 1Password X as well. 😊

Disappointed it is not integrated with the Mac version of 1Password...

1Password X doesn't integrate with the Mac version of 1Password (or the Windows version, either), by design, since we already have a solution that integrates 1Password for Mac with your browser -- it's the existing browser extensions that work with not just Chrome, but Safari, Firefox and Opera, and integrate very tightly with 1Password for Mac. In short, it's the 1Password you're already using - and hopefully enjoying! It will also be getting a major refresh in version 7.

We'd love for you to try 1Password X, but if the 1Password extension in your browser is not fetching data from/connecting to a native app which stores data locally, then it has to get that data from (and connect to) 1password.com's servers on its own.

...implying that future functionality comes at the price of an annual subscription.

We make no bones about the fact that we think a 1Password account (which requires a membership/subscription) is by far the best way to use 1Password for the vast majority of our users, but we're not limiting future functionality to 1password.com members. It's just that 1Password X is designed to be used with and get data from 1password.com, not the native 1Password for Mac or Windows app.

To answer your question regarding data availability when there's no internet connection, 1Password X does keep a local cache of the data contained in any account you've signed into at least once, and you'd have the ability to view/copy/paste your data anywhere you like. The only thing 1Password X can't do without an internet connection at present is save new items.

Glad to hear that version 7 will be getting an uplift, and hopefully its browser extensions (which I've been using faithfully and happily for many years!) will also be updated to match the cool integrated functionality in 1Password X!

Appreciate the explanation on how the 1Password service works as well. I'll keep evaluating a move to subscription - as of now, it appears to be a great entry for new/less technical users who want ease of install, automatic backups and recovery options.

Hi All - I also have a standalone licence, bought from the Mac App Store. I'd like to use 1Password X, but don't have a secret key. Am I right in thinking that the only way for me to use 1Password X (other than the 30 day trial) is to switch to a subscription?

1Password X is awesome...but because it doesn't rely on a local app to get your 1Password data, it has to connect to something...and that something is a 1password.com account -- 1Password X connects directly (in fact, integrates very deeply) with the 1password.com servers, something that just wouldn't be possible with iCloud or Dropbox. If you'd like to give 1Password X a try, well, I'm certainly on board. A 1password.com membership is by far the best way to use 1Password for the vast majority of our users. Best of all? There's a full 30-day free trial. You can head over to the main 1Password sign-up page, create a new account today, and see 1Password X in action. Let us know if you have any questions!

I am a user of 1Password and have been using it for many years. I switched from Mac to Ubuntu and I see you have a new thing where we have to pay a monthly subscription. The fact is I have been using Dropbox all these years, encrypted and synced across my computers. With the new 1Password and 1Password X, are we saving the data on your servers? How secure is it if you got hacked and our data got stolen? Even if the data is encrypted, hackers will have access to all the files. How can we continue using Dropbox to save my information?
I do not like the idea of saving my data on your servers.

Welcome to the forum, @ziadsa! Excellent questions. To answer the most straightforward one first: yes, 1password.com account data resides on our servers.

I'm glad to hear you've been a happy 1Password user for years, but I do have one question: you say you've been using Dropbox all that time. If so, then you've already been putting your data on someone else's servers. That's how Dropbox sync works, and if your concern is that data could be stolen from our servers in 1password.com accounts, I'm not sure why you weren't worried that it could have been stolen from Dropbox too, all those years.

How secure is it if you got hacked and our data got stolen? Even if the data is encrypted, hackers will have access to all the files.

I suppose a lengthy philosophical discussion could be had about what "truly secure" means, and of course different people will have different ideas, but here's some background about what we actually did to keep your data safe: 2SKD (2-Secret Key Derivation).

When we began to develop 1password.com accounts, we knew the central servers would be a potential target for thieves, hackers and such, and we knew we had to come up with a way to address exactly the question you asked. One of the reasons we began development on 1password.com accounts in the first place is that, for the first time ever, we knew we would have a system where we could control both ends of the (cloud-based) syncing exchange. We remain big fans of both iCloud and Dropbox, but neither of those services was built entirely with 1Password data in mind, for obvious reasons. Both have to sync everything from cat-GIFs to your photo collection to Excel spreadsheets to .wav files to anything else you might want to sync. And there are limits to what can be done with their 3rd party APIs. With 1password.com, WE control what the server does and how well it can interact with the client app you install on your device. And that allows for a lot more flexibility and security than we would ever be able to get out of any 3rd party sync service, because it's purpose-built to sync ONLY your 1Password data, not anything else.

The Secret Key was developed primarily for just such a situation. In 1Password.com accounts, you choose your own Master Password to encrypt your data, just as you've always done in 1Password -- and it's never sent to us. But what's never been possible before with 3rd party cloud-sync services is the Secret Key, which is generated randomly on your device when you first create your 1password.com account. This Secret Key is combined with the Master Password you choose to strengthen your encryption before it ever leaves your device, and the result is that even if we do get hacked, anyone looking to decrypt your data would need not only your Master Password but also this 34-character, randomly-generated Secret Key...which never leaves your device(s). As a result, syncing 1Password data using a specific Master Password in a 1password.com account is significantly more secure than using the same Master Password to sync data via either Dropbox or iCloud, due to the presence of the Secret Key.

Hello Lars, in your posting above you write at least twice that the Secret Key never leave(s) our devices — but I can't see how this can be true as I need to enter the Secret Key when logging into my 1Password Family account.

Actually I find the need to keep this Secret Key around quite bothersome. When using Dropbox to store my vault, I just needed to remember my Dropbox credentials plus my Master Key. Now I need the Secret Key, which is impossible to memorize. I think this is a big step back. I can no longer just grab a new device and "bootstrap" 1Password on it with only information stored in my brain. This frustrates me a lot. I'd rather not use the Secret Key at all (i.e. set it to blank) and just rely on my Master Key alone, but this seems not possible.

A scenario is that if I cross the border to some countries like China and Russia I like to reset my devices so that they don't have anything on them except perhaps minimum travel related stuff. Not even 1Password, because the border guards might force me to unlock the app for them. The travel mode does not help in my eyes as even if I had only "travel safe" vaults on the device I might still have to reveal my Master Password, which I definitely want to keep for myself under all circumstances. So the idea is not to have 1Password on my device at all and install it after having crossed the border. But now I need this damned Secret Key which I need to bring along in some way, and I am burdened to find a way that avoids it getting lost or disclosed. I still hope that I just might be missing something here, but for now I can only regard this as a big step backwards from the old Dropbox way (which I can no longer use if I want to be able to use 1Password X).

...you write at least twice that the Secret Key never leave(s) our devices — but I can't see how this can be true as I need to enter the Secret Key when logging into my 1Password Family account.

The Secret Key is generated for you when you first create your account, and it's not designed to be remembered. In every 1Password app and every browser where you sign into your 1password.com account, a copy of the Secret Key will be stored within the app or browser so that on subsequent uses you only need your Master Password, just like you're used to always having done.

But when you sign into your 1Password account in a browser, you're not sending either the Secret Key or the Master Password to us in plaintext. We use a technology called SRP (Secure Remote Password), which uses a bit of very fancy math to ensure that both sides (you and our servers) can derive certain secrets from what we each know, without having to exchange the actual secrets themselves. You can read more about the process in this post: 1Password is LayerUp-ed with modern authentication. And if you'd like an even more detailed technical explanation, I'd recommend our 1Password.com security white paper, especially the section A Modern Approach to Authentication and Appendix B on Secure Remote Password specifically.

A scenario is that if I cross the border to some countries like China and Russia I like to reset my devices so that they don't have anything on them except perhaps minimum travel related stuff. Not even 1Password, because the border guards might force me to unlock the app for them.

You should definitely take whatever measures you think necessary or reasonable to protect your data when you travel, and I'd never suggest you do otherwise. For most people, Travel Mode is sufficient because it does not merely hide the vaults you mark with Travel Mode, it removes them from your device entirely, until you turn Travel Mode back off after you're safely at your destination, at which point they're re-added via sync. If you believe you'll be forced to reveal your Master Password, then it may indeed be wise to remove the 1Password app entirely from your devices. That's at your own discretion and judgment. But if you're traveling with a laptop that has a browser with which you've previously signed into your 1password.com account, the Secret Key will be stored in local storage on that browser, and as soon as you are through customs/inspection, you can use that to sign into your account using only the browser (no need to enter the Secret Key), turn off Travel Mode, and then re-download the 1Password app and scan your Setup Code to get right back into your 1Password app.

If you plan to purge even your browser cache and local storage/history on your device, then writing down the Secret Key and keeping it somewhere on your person without written explanation regarding what it's for would be one way around this issue. Another would be to securely message or even snail-mail a copy of your Secret Key to either yourself at a destination you know you'll be able to receive mail at once you're across the border, or a trusted friend/associate. Sign in again with your memorized Master Password and this copy of your Secret Key once you're through the border...and then regenerate your Secret Key as soon as possible.

I can only regard this as a big step backwards from the old Dropbox way (which I can no longer use if I want to be able to use 1Password X).

I suppose it depends on what you consider steps forward/backward. There are numerous undeniable advantages to a 1password.com membership, many of which are only possible because we're able to manage both ends (the server and the client apps) of the equation. One of them is one you already mentioned being interested in: 1Password X. If you consider being forced by authorities to reveal your Master Password to be a possible scenario for you, and you consider having to carry a copy of your Secret Key written down or messaging it to a friend or colleague prior to traveling (and then regenerating it afterwards) to be a problem that outweighs having to reinstall both Dropbox and 1Password and remember the credentials for each of those as well as the benefit you get from using 1Password X, then that probably indicates which way you should make that decision: stay with standalone and Dropbox...and forgo 1Password X. That's a question I can't answer for you. Hope this was helpful.
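The SRP exchange mentioned in the reply above, written out with both parties in one process so the "what actually crosses the wire" question can be inspected. This is an added example and not 1Password's implementation: the group is a demo-sized prime (2^255 - 19 with g = 2, an assumption chosen for compactness; RFC 5054 specifies standardized safe-prime groups for real use), the key-confirmation step is reduced to a single HMAC proof, and the `identity`/`secret` names are placeholders for whatever the client derives locally (in the 2SKD setting described in the thread, that input would already have the Secret Key mixed in on the client). The server record holds only a salt and a verifier, never the secret.

```python
"""Toy SRP-6a exchange with both sides driven in one process. Added example,
not 1Password's code; group parameters are demo-sized (see N below)."""
import hashlib
import hmac
import secrets

# Demo group: the 255-bit prime 2^255 - 19 with g = 2, so the numbers stay small.
# Assumption for this example only; real deployments use a standardized safe-prime group.
N = 2**255 - 19
g = 2
N_BYTES = (N.bit_length() + 7) // 8


def to_bytes(n: int) -> bytes:
    return n.to_bytes(N_BYTES, "big")


def H(*parts: bytes) -> int:
    h = hashlib.sha256()
    for part in parts:
        h.update(part)
    return int.from_bytes(h.digest(), "big")


k = H(to_bytes(N), to_bytes(g))  # SRP-6a multiplier parameter


def private_x(salt: bytes, identity: str, secret: str) -> int:
    """x = H(salt || H(identity ':' secret)); computed on the client only."""
    inner = hashlib.sha256(f"{identity}:{secret}".encode()).digest()
    return H(salt, inner)


def enroll(identity: str, secret: str) -> dict:
    """Client-side enrolment. The server stores only the salt and the verifier
    v = g^x mod N; the secret itself never leaves the client."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": pow(g, private_x(salt, identity, secret), N)}


def client_hello() -> tuple:
    a = 1 + secrets.randbelow(N - 1)
    return a, pow(g, a, N)  # (private a, public A sent to the server)


def server_hello(record: dict, A: int) -> tuple:
    if A % N == 0:  # RFC 5054 check: reject a degenerate client value
        raise ValueError("invalid client public value A")
    b = 1 + secrets.randbelow(N - 1)
    B = (k * record["verifier"] + pow(g, b, N)) % N
    return b, B  # (private b, public B sent to the client together with the salt)


def client_session(identity: str, secret_entered: str, salt: bytes, a: int, A: int, B: int) -> bytes:
    if B % N == 0:  # RFC 5054 check: reject a degenerate server value
        raise ValueError("invalid server public value B")
    x = private_x(salt, identity, secret_entered)
    u = H(to_bytes(A), to_bytes(B))
    base = (B - k * pow(g, x, N)) % N  # equals g^b mod N only if x is the enrolled one
    return hashlib.sha256(to_bytes(pow(base, a + u * x, N))).digest()


def server_session(record: dict, b: int, A: int, B: int) -> bytes:
    u = H(to_bytes(A), to_bytes(B))
    S = pow(A * pow(record["verifier"], u, N), b, N)
    return hashlib.sha256(to_bytes(S)).digest()


def proof(session_key: bytes, A: int, B: int) -> bytes:
    """Key-confirmation message: proves knowledge of the session key without sending it."""
    return hmac.new(session_key, to_bytes(A) + to_bytes(B), hashlib.sha256).digest()


def run_exchange(identity: str, secret_entered: str, record: dict) -> bool:
    """Drive both parties over the wire values A, B, salt and the client's proof;
    return whether the server accepts the login."""
    a, A = client_hello()
    b, B = server_hello(record, A)
    k_client = client_session(identity, secret_entered, record["salt"], a, A, B)
    k_server = server_session(record, b, A, B)
    return hmac.compare_digest(proof(k_client, A, B), proof(k_server, A, B))


if __name__ == "__main__":
    rec = enroll("alice", "constructed-demo-secret")
    print("correct secret accepted:", run_exchange("alice", "constructed-demo-secret", rec))
    print("wrong secret accepted:  ", run_exchange("alice", "something else", rec))
```

The values that leave the client are the salt and verifier at enrolment, then A and the proof at login; the server contributes B. A wrong secret makes `base` differ from g^b mod N, so the two session keys diverge and the proof fails, which is what lets the server verify without ever holding the secret.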

Dear Lars, thank you very much for your quick and exhaustive answer. I appreciate it a lot and also feel more at ease now, partly because it is very reassuring how serious you and your colleagues are taking our doubts and fears, but also because I've now had some more time to think about it, calm down, and realize that this is how things are and that I will be able to cope with the situation.

I guess I was somewhat panicking yesterday when I learned about 1Password X for the first time and liked the idea until the thought "Wait a minute — does 1Password X access Dropbox?" occurred to me and Google sent me to this discussion page.¹

Please allow me to elaborate a bit about the "border crossing" situation, not because I need more answers, but to make you and your colleagues more aware of this situation, so you can keep this topic in mind for the evolution of 1Password.

The problem is not so much that an officer might glance over what's on your phone, tablet or notebook — the real danger is that all over the world it is becoming more and more likely that devices will be analyzed by means of professional state-of-the-art forensic software. These AI-driven systems are incredibly thorough, and data and files are their home turf, so there is nothing we'll be able to hide. They don't just analyze what's there, but also what has been deleted. They find encrypted stuff in any form, even steganography will no longer be safe as they understand the structure of every file format there is and what its normal contents statistically look like. And they do all this incredibly quickly, so it is indeed feasible for border protection agencies to employ them at scale, so this will increasingly be done. Not just by China and Russia and some other countries with dubious political systems, also by democratic countries which otherwise emphasize personal freedom and free speech.

And if a forensic system finds something encrypted or even just hints that encryption technologies have been used, the alarm goes off and you will be scrutinized big time, because the officers will surely want to know what you are hiding. It's their job. One does not want to come into the situation where you are asked questions. It is better if no questions at all arise.

So the best idea is to use a device which uses full disk encryption as a standard (so that you are not under individual suspicion if this feature is turned on), reset and install it before crossing a border, and put some innocent stuff on it that you are comfortable to reveal. And don't install dubious software. The reset/reinstall procedure will cause new random keys to be generated which overwrite the previous ones, so content that is still present in storage blocks (traces of encryption use, deleted files and apps) can no longer be deciphered. The forensic system can only see the data and files of the current installation.

After having crossed the border, you reinstall from a cloud backup, using information from your brain. So I'd really prefer if the Secret Key was easier to remember. How about letting users choose it themselves?

Thank you all for your attention. If you want to know more about this topic, check out, for example, the workings of the EFF (Electronic Frontier Foundation).

— Footnote —
¹) I am going to travel soon and found it too dangerous to bring my MacBook with its data on it, and too bothersome to wipe it blank and restore it later. So I just bought a cheap Chromebook, was first thrilled that 1Password X exists for it, and then shocked that it would require me to produce the Secret Key on the other side of the border.

@Logan8212 - we're pretty familiar with current trends in both surveillance and data forensics as well as how best to protect one's own data when traveling under such considerations. Yes, EFF is a wonderful resource. The crypto wars of the '90s never really ended -- they are being re-fought on new ground, right now, in the post-Snowden era. And we're happy to play a part in that, and offer people protection for their most important data.

After having crossed the border, you reinstall from a cloud backup, using information from your brain. So I'd really prefer if the Secret Key was easier to remember. How about letting users choose it themselves?

Again, the Secret Key was never designed to be remembered. It was designed to protect you in the event WE are hacked and users' encrypted data/vaults fall into adversarial hands. The best defense against that is - as it has always been - a long, strong Master Password that you never use for anything else or disclose to anyone. But although we mandate a minimum of 10 characters for 1Password.com accounts and prevent the use of some obviously poor choices such as aaaaaaaaaa or 1234567890, people will always use Master Passwords of varying length and strength. We wanted a way to make sure that if data were taken from US (instead of stolen from you via device theft or confiscation, etc), it would be even more difficult to decrypt than brute-forcing (or guessing) a Master Password. The first part of the Secret Key is not really secret at all: A3 is the "version number" of the key, and the first string of six characters is like an identifier: A3-GD7V55 would be the not-secret portion of a Secret Key. Everything else after that is a randomly-generated string equivalent to about 128 bits of additional password entropy, which gets combined with your Master Password to create the secret from which your encryption keys are derived. That means that even if your Master Password were a single character, it would be at least 128 bits strong, due to the Secret Key. Please note this is NOT an invitation to use a poor Master Password, because if an adversary comes into possession of your data by means of stealing one of your devices, the Secret Key will already be present (and retrievable) on that device, and thus provides no additional protection. A strong Master Password is still not only recommended, it is critical to your security. But if a hacker manages to steal your data from US, they will need not only your Master Password, but also your Secret Key (which they won't have, since it is never transmitted to us).

Because the Secret Key is designed to add additional entropy to strengthen your Master Password, that's the main reason we don't allow users to choose their own Secret Keys. Namely, humans are TERRIBLE at randomness; so bad in fact that we aren't even all that good at recognizing it when we see it, let alone creating it ourselves. Any user-chosen string will be much less random - and therefore much easier to crack - than a randomly-generated one.

Honestly, if you're genuinely worried about back-room interrogation sessions with border guards where you're compelled under threat of detainment or force to reveal passwords, then the best device to travel with would be none at all. You won't be put in the position of having to choose whether to be untruthful with authorities, and I have a hard time imagining anyone being detained and asked for passwords to services when they're not even traveling with any computing devices. Purchase that cheap Chromebook you mentioned after you land and get through the authorities' screening. Secure message yourself (or a trusted friend or colleague) a copy of your Secret Key before you board the flight, and use that plus your (remembered) Master Password to sign into your 1Password data in 1Password X on the Chromebook once you're safely through any checks by the authorities.
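An added illustration of the 2SKD idea described in the two replies above (the one introducing the Secret Key and the one explaining its A3-XXXXXX prefix and its roughly 128 bits of added entropy). This is not 1Password's code or key format: the 32-symbol alphabet, the 6- and 26-character group lengths, and the PBKDF2-then-HKDF-then-XOR combination are assumptions for the demonstration. What it shows is the part of the argument a practitioner wants to check: the derived key depends on both inputs, the secret part of the constructed format contributes 130 bits (consistent with "about 128"), and the strength an attacker faces differs between the "copy of the server's data" case and the "stolen device that already holds the Secret Key" case.

```python
"""Illustrative two-secret key derivation (2SKD). Added example, not 1Password's
code; alphabet, group lengths and the exact KDF combination are assumptions."""
import hashlib
import hmac
import math
import secrets

KEY_VERSION = "A3"
# Constructed 32-symbol alphabet (no 0/O/1/I lookalikes): exactly 5 bits per character.
KEY_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"
IDENT_LEN, SECRET_LEN = 6, 26  # assumed group lengths for the demo format


def generate_secret_key() -> str:
    """Create a demo Secret Key on the device; the random part is never sent anywhere."""
    ident = "".join(secrets.choice(KEY_ALPHABET) for _ in range(IDENT_LEN))
    secret = "".join(secrets.choice(KEY_ALPHABET) for _ in range(SECRET_LEN))
    return f"{KEY_VERSION}-{ident}-{secret}"


def split_secret_key(key: str) -> tuple:
    """Split into (version, identifier, secret part); only the last part is secret."""
    version, ident, secret = key.split("-", 2)
    if version != KEY_VERSION or len(ident) != IDENT_LEN or not secret:
        raise ValueError("malformed Secret Key")
    return version, ident, secret.replace("-", "")


def secret_part_entropy_bits(key: str) -> float:
    """Entropy of the random part: characters times log2(alphabet size)."""
    _, _, secret = split_secret_key(key)
    return len(secret) * math.log2(len(KEY_ALPHABET))


def hkdf_expand_one_block(ikm: bytes, info: bytes) -> bytes:
    """One HMAC-SHA256 block of HKDF-Expand (RFC 5869 shape, T(1) only): 32 bytes."""
    return hmac.new(ikm, info + b"\x01", hashlib.sha256).digest()


def derive_unlock_key(master_password: str, secret_key: str, salt: bytes,
                      iterations: int = 50_000) -> bytes:
    """Mix both secrets: PBKDF2 stretches the human-chosen password, HKDF spreads the
    random Secret Key, and XOR combines them so the output depends on both inputs."""
    version, ident, secret = split_secret_key(secret_key)
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt,
                                  iterations, dklen=32)
    # The non-secret prefix and the salt are public context; the secret part is the key material.
    sk_part = hkdf_expand_one_block(secret.encode("ascii"), (version + ident).encode() + salt)
    return bytes(p ^ s for p, s in zip(pw_part, sk_part))


def effective_guess_strength_bits(password_bits: float, secret_key: str,
                                  attacker_holds_secret_key: bool) -> float:
    """The two threat models from the thread: a copy of the server's data lacks the
    Secret Key, so guessing must cover password entropy plus Secret Key entropy; a
    stolen device already contains the Secret Key, so only the Master Password remains."""
    if attacker_holds_secret_key:
        return password_bits
    return password_bits + secret_part_entropy_bits(secret_key)


if __name__ == "__main__":
    key = generate_secret_key()
    salt = b"constructed-account-salt"  # constructed value for the demo
    print("Secret Key:", key, "| secret part entropy:", secret_part_entropy_bits(key))
    print("unlock key:", derive_unlock_key("correct horse battery staple", key, salt).hex())
    print("server-copy attacker faces:", effective_guess_strength_bits(40, key, False), "bits")
    print("stolen-device attacker faces:", effective_guess_strength_bits(40, key, True), "bits")
```

Changing either the password or the Secret Key changes the unlock key, which is the property that makes a server-side copy useless on its own; the last function makes the reply's caveat explicit, since on a device that already stores the Secret Key the added bits drop out and the Master Password's own strength is all that is left.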

Thank you once again, @Lars, for your long and thoughtful reply! In the meantime I have been reading https://darthnull.org/series/1password/ and now I am sitting here in awe about what you 1Password guys have been building for us. I also understand why this Secret Key could not have been devised differently. I did not think so much about the danger that data could be stolen or confiscated from your servers, but it is of course a real one, and it's good that you did address it right from the start when "going cloud".

I know of the importance of the Master Key and the fact that, should I ever disclose it, all the scattered backups and copies that have been created over the years (and which authorities might start to search for if they got the key) would be at risk. This is why I wanted to avoid having 1Password already installed on any of the devices I travel with. But reading more about the features of my Family subscription it occurred to me that there might be other options, too, like inviting me as a guest into my own Family and sharing a vault with travel related entries which are important for me but still not really a secret. This second account would have its own Secret Key and Master Key, which are both throw-away, and I could then in fact safely and cooperatively comply with border guards who request to inspect the vault.

(As you may have guessed, I do have a lot of stuff in 1Password — not just passwords, but random pieces of information, purchase receipts, documents of all kinds, notes etc. If something is important to me, this is where I put it. So I can't think of traveling without it and that's why I think so compulsively about probable or possible situations and devise strategies and solutions — things will surely get worse and we need to be prepared.)

So now I'll get creative about how to transfer the Secret Key without remembering it. You suggested quite a few possible ways, and there are countless others. I admit I have been struggling to understand the Secret Key since 2014 — I have been wondering about its whys and wherefores every time I was confronted with it — but thanks to your explanations I got it now and will stop thinking in the wrong direction. You rock! 👍👍

Honestly, if you're in a position where you're likely to be the target of search, seizure, interrogation, and/or detainment, and you must go put yourself in potential peril, it might be prudent to leave your Emergency Kit with a trusted friend or relative. That would allow you to contact them to get it if needed, and they'll likely need it themselves if something happens to you.